
Buckeye_Sam

Posted 14 July 2005 - 03:08 PM

Malware Expert

Member

10,019 posts

Your HijackThis log shows a variety of malware in addition to 180 Search. Adaware would have helped with some of it, but it's doubtful that it cleaned up everything. I would recommend at least posting a new HijackThis log. Then I'll take a look at what's still there and we'll determine the best course of action.

What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results: We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name    Trojan/Worm Type    Action Taken

What we checked: Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results: We have detected 3 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.

Risk Level: Important
Issue: This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter.
How to Fix: MS04-027

Risk Level: Critical
Issue: This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability. This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.
How to Fix: MS04-028

Risk Level: Important
Issue: A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.
How to Fix: MS05-004

Posted 18 July 2005 - 04:26 PM

Double click on 'Newuninst.exe' and press *Uninstall*. Let it run and when the progress bar says *complete* you can then press *close*. You must be online to have this work, and do not block any attempts by the program to connect to the internet if your firewall requests access. It will just run and then close.

C:\WINDOWS\System32\j?vaw.exe <- the ? could represent any character, but this file is around 401kb and was created on 7/13/05.
C:\WINDOWS\dpusys.ini
C:\WINDOWS\sepsd.bin
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\Downloaded Program Files\VBouncerOuter1137040505.EXE
C:\WINDOWS\SYSTEM32\SahImages
C:\WINDOWS\e359hchk.exe
C:\WINDOWS\inf\alchem.inf
C:\WINDOWS\inf\biH.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\polall1r.inf
C:\WINDOWS\system32\Arzhag6.exe
C:\WINDOWS\system32\AthffaH.exe
C:\WINDOWS\system32\atiupdate5.exe
C:\WINDOWS\system32\Azw54.exe
C:\WINDOWS\system32\calsdr.dll
C:\WINDOWS\system32\calsdr.exe
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\GivLt51.exe
C:\WINDOWS\system32\Hcj2s6.exe
C:\WINDOWS\system32\HraiNO18.exe
C:\WINDOWS\system32\Jls3.exe
C:\WINDOWS\system32\KrwH5f.exe
C:\WINDOWS\system32\KtrA.exe
C:\WINDOWS\system32\lmf32v.dll_tobedeleted
C:\WINDOWS\system32\MkqjPr5.exe
C:\WINDOWS\system32\Msrv32.exe
C:\WINDOWS\system32\NipM9X44.exe
C:\WINDOWS\system32\OfoWP.exe
C:\WINDOWS\system32\OjqN0Y44.exe
C:\WINDOWS\system32\PsqfRame.exe
C:\WINDOWS\system32\Pws1B4.exe
C:\WINDOWS\system32\RodeL8.exe
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\Ssa9.exe
C:\WINDOWS\system32\TtsKDJTq.exe
C:\WINDOWS\system32\Ufmmx.exe
C:\WINDOWS\system32\Uvz6.exe
C:\WINDOWS\system32\WnwEwc.exe
C:\WINDOWS\system32\Wqxd.exe
C:\WINDOWS\system32\YtaxJ.exe
C:\WINDOWS\system32\Yhrt.exe
C:\WINDOWS\system32\LhoK8W3.exe
C:\WINDOWS\SYSTEM32\apuc.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\inetp60.dll
C:\WINDOWS\SYSTEM32\msbb321.dll
C:\WINDOWS\SYSTEM32\pup.exe
C:\WINDOWS\SYSTEM32\SWRT01.dll
C:\keys.ini
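A practical way to audit a drive (or a mounted disk image) for the artifacts in the list above is to script the check rather than browse for each file by hand. The following Python script is an added example and is not part of the thread or the helper's instructions. It takes a representative subset of the paths from the post (extend ARTIFACTS with the rest), resolves directory names case-insensitively as NTFS would, expands the poster's `?` wildcard in `j?vaw.exe`, and only reports a `j?vaw.exe` match when its size is close to the 401 KB the post describes, so a legitimate javaw.exe of a different size is not flagged. The drive root, the size band of ±5%, and the sample directory tree built by `build_sample_tree` are assumptions made for this example.

```python
"""Audit a drive root for the file artifacts listed in the post above.
Added example; not code from the original thread. Paths in ARTIFACTS are a
subset of those in the post; root directory, size tolerance and the sample
tree are assumptions for an offline demonstration."""
import fnmatch
import os
from datetime import datetime

# Representative subset of the paths in the post, relative to the drive root.
ARTIFACTS = [
    r"WINDOWS\System32\j?vaw.exe",   # '?' is the poster's wildcard
    r"WINDOWS\dpusys.ini",
    r"WINDOWS\sepsd.bin",
    r"WINDOWS\smdat32m.sys",
    r"WINDOWS\Downloaded Program Files\popcaploader.dll",
    r"WINDOWS\system32\calsdr.dll",
    r"WINDOWS\system32\Msrv32.exe",
    r"WINDOWS\SYSTEM32\inetp60.dll",
    r"keys.ini",
]

# The post says the j?vaw.exe variant is around 401 KB; the +/-5% band is an
# assumption of this example.
JAVA_VARIANT_SIZE = 401 * 1024
SIZE_TOLERANCE = 0.05


def _walk_ci(base, components):
    """Descend through directory components case-insensitively (NTFS
    semantics) and return the real directory path, or None if absent."""
    for comp in components:
        if not os.path.isdir(base):
            return None
        match = next((e for e in os.listdir(base) if e.lower() == comp.lower()), None)
        if match is None:
            return None
        base = os.path.join(base, match)
    return base if os.path.isdir(base) else None


def _candidates(root, relpath):
    """Return absolute paths under root whose name matches the last component
    of relpath; '?' and '*' are expanded against the directory listing."""
    parts = relpath.split("\\")
    parent = _walk_ci(root, parts[:-1])
    if parent is None:
        return []
    name = parts[-1].lower()
    return [os.path.join(parent, e) for e in os.listdir(parent)
            if fnmatch.fnmatchcase(e.lower(), name)]


def size_matches(size, expected=JAVA_VARIANT_SIZE, tol=SIZE_TOLERANCE):
    """True when size lies within the tolerance band around expected."""
    return abs(size - expected) <= expected * tol


def find_artifacts(root):
    """Return (pattern, absolute path, size, created) for every listed
    artifact present under root. j?vaw.exe matches are kept only when the
    size band fits; the creation date is returned so the operator can compare
    it with the 7/13/05 date given in the post."""
    hits = []
    for pattern in ARTIFACTS:
        for path in _candidates(root, pattern):
            st = os.stat(path)
            if pattern.endswith("j?vaw.exe") and not size_matches(st.st_size):
                continue
            # st_ctime is creation time on Windows; on POSIX it is the inode
            # change time, so treat it as advisory there.
            created = datetime.fromtimestamp(st.st_ctime).strftime("%Y-%m-%d")
            hits.append((pattern, path, st.st_size, created))
    return hits


def build_sample_tree(root):
    """Constructed drive layout for the demonstration (not from the post)."""
    sys32 = os.path.join(root, "WINDOWS", "System32")
    dpf = os.path.join(root, "WINDOWS", "Downloaded Program Files")
    os.makedirs(sys32)
    os.makedirs(dpf)
    with open(os.path.join(sys32, "jXvaw.exe"), "wb") as f:
        f.write(b"\0" * (401 * 1024))     # inside the size band: reported
    with open(os.path.join(sys32, "javaw.exe"), "wb") as f:
        f.write(b"\0" * (120 * 1024))     # different size: not reported
    with open(os.path.join(root, "WINDOWS", "dpusys.ini"), "w") as f:
        f.write("[x]\n")
    with open(os.path.join(dpf, "popcaploader.dll"), "wb") as f:
        f.write(b"MZ")
    open(os.path.join(root, "keys.ini"), "w").close()


def demo():
    """Build the sample tree in a temp dir; return sorted basenames found."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(os.path.basename(p) for _, p, _, _ in find_artifacts(tmp))


if __name__ == "__main__":
    for name in demo():
        print(name)
```

Run it against a real drive with `find_artifacts("C:\\")` from an account that can read the Windows directory; review each hit (size and creation date) before deleting anything, since the wildcard entry in particular can also match a file that merely shares the name pattern.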

darkmetal505

Posted 19 July 2005 - 05:43 PM

Buckeye_Sam

Posted 19 July 2005 - 06:39 PM

Malware Expert

Member

10,019 posts

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

You can find instructions on how to disable and re-enable System Restore here:

Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.